What is the key difference
between operating a home-banking Web application and
asking a clerk to deposit a check in your account? It is the reputation
of the place where the action happens. You trust the bank
as an institution because of its reputation, and you assume that
those who work there are trustworthy, too (at least to the extent
of the business you want to conduct there). Being physically in
the bank allows you to assess risks in a satisfactory fashion,
whereas the average user is nearly clueless about the actual
location and true identity of a website. It is this conscious cluelessness
that poisons the confidence of users, sometimes to the
point of inducing them to cease all online transactions.

To be fair, there is a mechanism in place that is actually
intended to assess the identity of a website. In the section "HTTP
and HTTPS: The King Is Naked," we introduced HTTPS, and
you have seen how associating a certificate to a website takes
care of publishing the public key of the website itself. The
certificate is securely tied to the website because it contains a reference
to its URL in the subject field. We can consider the
certificate itself a trustworthy source for assessing the identity of
the website.
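
The binding between certificate and site name described above, as an added example that is not from the original text: a check of the requested host name against the names a certificate carries. It goes beyond the single subject field mentioned here by also reading subjectAltName entries and wildcard names, which current clients consult first; the certificates are constructed samples in the layout Python's `ssl.SSLSocket.getpeercert()` returns, and all function names are hypothetical.

```python
# Added example (not from the original text); all names are hypothetical.
# Certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().

def name_matches(pattern, host):
    """Compare one certificate name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # rejects www.bank.example.evil.test style look-alikes
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label, never for "*.tld".
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """DNS names the certificate vouches for: subjectAltName, else subject CN."""
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def cert_matches_host(cert, host):
    """True when at least one name in the certificate covers the host."""
    return any(name_matches(name, host) for name in names_in_cert(cert))


# Constructed sample certificates (only the fields the check reads).
BANK_CERT = {
    "subject": ((("organizationName", "Example Bank"),),
                (("commonName", "www.bank.example"),)),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "bank.example"),),),
    "subjectAltName": (("DNS", "*.bank.example"), ("DNS", "bank.example")),
}

if __name__ == "__main__":
    for cert, host in ((BANK_CERT, "www.bank.example"),
                       (BANK_CERT, "www.bank.example.evil.test"),
                       (WILDCARD_CERT, "login.bank.example"),
                       (WILDCARD_CERT, "a.b.bank.example")):
        print(host, "->", cert_matches_host(cert, host))
```
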